Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/RfK-wD2NckggqP2jd1KsW8ILohM.roa
File: RfK-wD2NckggqP2jd1KsW8ILohM.roa (raw, json)
Hash identifier: Vanu0GQ/V69dZ8U+FW7BzoymejnrsLY1L482hNffjmg=
Subject key identifier: 45:F2:BE:C0:3D:8D:72:48:20:A8:FD:A3:77:52:AC:5B:C2:0B:A2:13
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7854
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/RfK-wD2NckggqP2jd1KsW8ILohM.roa
Signing time: Fri 18 Jul 2025 05:12:07 +0000
ROA not before: Fri 18 Jul 2025 05:12:07 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30804 (0x7854)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 18 05:12:07 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=45F2BEC03D8D724820A8FDA37752AC5BC20BA213
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:cd:52:4b:01:c4:27:2d:82:fa:a9:bf:2e:4a:
55:83:b1:a8:9c:a4:9c:ea:b4:ac:87:e2:a3:b9:60:
24:23:ad:04:3e:88:06:b8:2f:aa:9b:ae:bd:90:a3:
df:a0:55:67:91:43:b2:8b:ed:c2:9e:e8:15:7f:66:
e6:f4:af:b9:b0:90:1b:7e:22:0e:af:2d:b3:a2:36:
14:ff:f2:53:83:49:70:a9:96:1f:59:c4:c9:e4:cf:
e1:bf:de:f0:99:2e:48:1b:8b:5a:b9:a5:a5:0f:19:
05:6a:85:f4:93:94:84:81:c8:ce:93:5a:05:ad:b5:
39:72:03:b5:48:61:ac:4a:bc:0e:dd:9d:87:46:6f:
ad:89:eb:38:3a:07:a2:7c:c8:f2:21:cc:aa:c1:cf:
bd:39:6f:4f:ad:0d:0f:c0:40:c5:ea:64:e3:1e:82:
32:a2:57:08:54:e8:54:a6:4c:c5:9f:0d:75:6c:60:
8f:ba:a6:10:e0:0c:97:4c:a9:e7:30:dc:d6:d7:b3:
30:ee:3a:cc:12:15:d4:cf:95:e1:62:ee:ba:13:c6:
f0:e5:e5:ad:12:d4:ec:3f:65:a5:18:81:2a:b1:50:
7d:8f:10:c7:e5:67:b7:73:d9:be:95:c7:0e:23:69:
1e:e6:41:7b:f1:35:ed:29:fd:3e:5c:68:68:09:32:
c6:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:F2:BE:C0:3D:8D:72:48:20:A8:FD:A3:77:52:AC:5B:C2:0B:A2:13
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/RfK-wD2NckggqP2jd1KsW8ILohM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
34:a5:1b:5d:1e:5c:b1:bc:4a:b3:de:b2:2d:81:29:1c:7b:a9:
e6:39:9a:cb:a3:b5:a7:15:2c:07:1d:38:4f:6c:02:dc:39:4b:
a6:bf:bd:65:fd:97:35:8b:ab:f8:9b:d3:7f:1f:5d:fc:c2:b5:
06:ea:22:82:85:09:71:0b:68:88:77:82:d8:fd:e9:66:62:b4:
88:7d:2d:0c:d2:a7:dd:4a:55:96:2f:30:10:a8:81:eb:2b:92:
df:54:fc:aa:e6:40:43:a1:03:61:3f:94:45:42:fd:0a:a1:5d:
13:30:ba:83:a8:ed:ba:81:30:d8:4d:76:c5:b8:43:bc:6a:74:
ea:1b:9b:c5:74:4d:77:a7:e1:c1:e1:52:11:98:e3:5b:9c:77:
2d:ff:c8:45:d1:44:9d:1a:f5:ea:25:02:61:0a:3f:16:6b:f9:
72:ea:25:53:53:1e:08:4f:27:f8:90:ce:d5:5a:ec:9e:1c:76:
35:66:24:af:5f:ab:88:5d:c1:3e:e2:81:07:db:d6:4f:25:88:
c0:37:9e:fa:a2:53:64:00:5f:84:42:73:7b:19:04:26:0e:3d:
0d:29:5b:7a:94:96:7b:7d:c4:fc:a4:df:52:56:7d:7e:ae:62:
d4:99:38:1c:43:25:eb:61:41:c2:5b:5c:2a:30:46:2b:bc:ea:
c3:01:c6:bc
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeFQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTgw
NTEyMDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDQ1RjJCRUMwM0Q4RDcy
NDgyMEE4RkRBMzc3NTJBQzVCQzIwQkEyMTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCczVJLAcQnLYL6qb8uSlWDsaicpJzqtKyH4qO5YCQjrQQ+iAa4
L6qbrr2Qo9+gVWeRQ7KL7cKe6BV/Zub0r7mwkBt+Ig6vLbOiNhT/8lODSXCplh9Z
xMnkz+G/3vCZLkgbi1q5paUPGQVqhfSTlISByM6TWgWttTlyA7VIYaxKvA7dnYdG
b62J6zg6B6J8yPIhzKrBz705b0+tDQ/AQMXqZOMegjKiVwhU6FSmTMWfDXVsYI+6
phDgDJdMqecw3NbXszDuOswSFdTPleFi7roTxvDl5a0S1Ow/ZaUYgSqxUH2PEMfl
Z7dz2b6Vxw4jaR7mQXvxNe0p/T5caGgJMsYPAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQURfK+wD2NckggqP2jd1KsW8ILohMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1JmSy13RDJOY2tnZ3FQ
MmpkMUtzVzhJTG9oTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA0pRtd
HlyxvEqz3rItgSkce6nmOZrLo7WnFSwHHThPbALcOUumv71l/Zc1i6v4m9N/H138
wrUG6iKChQlxC2iId4LY/elmYrSIfS0M0qfdSlWWLzAQqIHrK5LfVPyq5kBDoQNh
P5RFQv0KoV0TMLqDqO26gTDYTXbFuEO8anTqG5vFdE13p+HB4VIRmONbnHct/8hF
0USdGvXqJQJhCj8Wa/ly6iVTUx4ITyf4kM7VWuyeHHY1ZiSvX6uIXcE+4oEH29ZP
JYjAN576olNkAF+EQnN7GQQmDj0NKVt6lJZ7fcT8pN9SVn1+rmLUmTgcQyXrYUHC
W1wqMEYrvOrDAca8
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:39:09 2025 by rpki-client